This sample shows you how to get client credentials from a web app. Because the OAuth API is not CORS-enabled and requests must be made from the server side, the app sends necessary information to a proxy, which then makes the api request and sends the response back to the client. The proxy here is written in PHP, but any server-side language will do - you just need to be able to send a POST request to the app over the internet.

Getting your BC_TOKEN

To get a client_id and client_secret via the OAuth API, you will need a BC_TOKEN to authenticate your request. Your BC_TOKEN is set as a cookie when you login to Studio. You can get that cookie any way you like, but to make it easier, we have created the following JavaScript snippet - you can paste it into the developer console when you are logged into Studio, press return, and a prompt will appear containing the BC_TOKEN:

Note that you must be an admin for your account (or get an admin's BC_TOKEN) in order to create client credentials. If you do not have an admin BC_TOKEN, the request below will return an error.

Proxy code

In order to build your own version the sample app on this page, you must create and host your own proxy. This proxy is somewhat different than the proxy used for most of our sample apps, because authentication for the OAuth API method for creating client credentials is different that that for general API authentication. Complete code for the proxy used here is shown below.